Table of Contents
Advertisement
Configuring the Security Appliance for a DMZ Deployment
Starting ASDM
PIX 515E Security Appliance Getting Started Guide
2-6
To accomplish this task, you should configure a PAT translation rule (port
address translation rule, sometimes called an interface NAT) for the internal
interface that translates internal IP addresses to the external IP address of the
security appliance.
In this scenario, the internal address to be translated is that of a subnet of the
private network (10.10.10.0). Addresses from this subnet are translated to the
public address of the security appliance (209.165.200.225).
For external clients to have HTTP access to the DMZ web server, you must
•
configure an external identity for the DMZ web server and an access rule that
permits HTTP requests coming from clients on the Internet. To accomplish
this task, you should configure the following:
Create a static NAT rule. This rule translates the real IP address of the
–
DMZ web server to a single public IP address. In this scenario, the public
address of the web server is 209.165.200.226.
Create a security access rule permitting traffic from the Internet if the
–
traffic is an HTTP request destined for the public IP address of the DMZ
web server.
To run ASDM in a web browser, enter the factory-default IP address in the
address field: https://192.168.1.1/admin/.
Remember to add the "s" in "https" or the connection fails. HTTPS
Note
(HTTP over SSL) provides a secure connection between your browser
and the security appliance.
The Main ASDM window appears.
Chapter 2
Scenario: DMZ Configuration
78-17645-01
- Quick Links:
- Starting Asdm
Hide quick links:
Advertisement
Table of Contents
